[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] C drive hack

Subject: RE: [cobalt-users] C drive hack
From: flash22@xxxxxxx
Date: Tue Sep 18 06:56:13 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Tue, 18 Sep 2001, Octavio Heredia wrote:

> What is causing those entries on our log files? Is our data in danger of
> being compromised? Thank you very much, I just adopted our Raq4 where a lot
> of critical information is stored. Any other information of these log
> entries would be of great help.

Well, if the information is 'critical' i'd surely hope you maintain
backups ;)

As to the log entries, they are trying to run a program that would only
exist on a windows server, since a raq isn't running windows, the attempt
to gain access it totally pointless and will not do anything except
generate lots of annoying log entries....You can still sleep at night...if
you have backups ;)

> >/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"

cms.exe is somewhat like a shell, it runs commands, in this case, it's
being asked to just list a dorectory (eg 'dir') , if it works the machine
doing it probably notices the fact that it worked and then does something
further...(hmm)

gsh

References:
- RE: [cobalt-users] C drive hack
  - From: Octavio Heredia

Prev by Date: Re: [cobalt-users] Qube 2 firewall/restore CD problems
Next by Date: [cobalt-users] OT: Block Code Red resource usage on Cobalt servers
Previous by thread: RE: [cobalt-users] C drive hack
Next by thread: RE: [cobalt-users] C drive hack

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index